QUESTION 2
Your network consists of one Active Directory forest that contains one root domain and 22 child domains.
All domain controllers run Windows Server 2003. All domain controllers run the DNS Server service and host Active Directory integrated zones. 70-698 dumps
Administrators report that it takes more than one hour to restart the DNS servers. You need to reduce the time it takes to restart the DNS servers.
What should you do?
A. Upgrade all domain controllers to Windows Server 2008.
B. Upgrade all domain controllers in the root domain to Windows Server 2008, and then set the functional level for the root domain to Windows Server 2008.
C. Deploy new secondary zones on additional servers in each child domain.
D. Change the Active Directory-integrated DNS zones to standard primary zones.
Correct Answer: A

QUESTION 3
Your company has one main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 and are located in the main office. You plan to deploy one Windows Server 2008 domain controller in each branch office. You need to recommend a security solution for the branch office domain controllers. The solution must prevent unauthorized users from copying the Active Directory database from a branch office domain controller by starting the server from an alternate startup disk.
What should you recommend on each branch office domain controller?
A. Enable the secure server IPsec policy.
B. Enable the read-only domain controller (RODC) option.
C. Enable Windows BitLocker Drive Encryption (BitLocker).
D. Enable an Encrypting File System (EFS) encryption on the %Systemroot%\NTDS folder.
Correct Answer: C

QUESTION 5
Your network consists of one Active Directory domain. The network contains one Active Directory site. All domain controllers run Windows Server 2008. You create a second Active Directory site and plan to install a domain controller that runs Windows Server 2008 in the new site.
You also plan to deploy a new firewall to connect the two sites.
You need to enable the domain controllers to replicate between the two sites.
Which traffic should you permit through the firewall?
A. LDAP
B. NetBIOS
C. RPC
D. SMTP
Correct Answer: C

QUESTION 6
Your company has 5,000 users. The network contains servers that run Windows Server 2008. You need to recommend a collaboration solution for the users to meet the following requirements:
Support tracking of document version history.
Enable shared access to documents created in Microsoft Office. Enable shared access to documents created by using Web pages.
The solution must be achieved without requiring any additional costs.
What should you recommend?
A. Install servers that run the Web Server role.
B. Install servers that run the Application Server role.
C. Install servers that run Microsoft Windows SharePoint Services (WSS) 3.0.
D. Install servers that run Microsoft Office SharePoint Server (MOSS) 2007.
Correct Answer: C
QUESTION 7
Your Company has a main office and 10 branch offices.
The network consists of one Active Directory domain. All domain controllers run Windows Server 2008 R2 and are located in the main office.
Each branch office contains one member server. Branch office administrators in each branch office are assigned the necessary rights to administer only their member servers. 70-698 dumps
You deploy one read-only domain controller (RODC) in each branch office.
You need to recommend a security solution for the branch office Windows Server 2008 R2 domain controllers. The solution must meet the following requirements:
?Branch office administrators must be granted rights on their local domain controller only. ?Branch office administrators must be able to administer the domain controller in their branch office. This includes changing device drivers and running Windows updates.
What should you recommend?
A. Add each branch office administrator to the Administrators group of the domain.
B. Add each branch office administrator to the local Administrators group of their respective domain controller.
C. Grant each branch office administrator Full Control permission on their domain controller computer object in Active Directory.
D. Move each branch office domain controller computer object to a new organizational unit (OU). Grant each local administrator Full Control permission on the new OU.
Correct Answer: B

QUESTION 8
Your network consists of one Active Directory domain that contains domain controllers that run Windows Server 2008. The relative identifier (RID) operations master role for the domain fails and cannot be restored. You need to restore the RID master role on the network.
What should you do?
A. Run netdom query /d:contoso.com fsmo.
B. From another domain controller, seize the RID operations master role.
C. Force replication between all domain controllers, and then run the Server Manager.
D. Force replication between all domain controllers, and then run the File Server Resource Manager (FSRM).
Correct Answer: B

QUESTION 9
Your network consists of one Active Directory domain that contains only domain controllers that run Windows Server 2003.
Your company acquires another company.
You need to provide user accounts for the employees of the newly acquired company. The solution must support multiple account lockout policies.
What should you do?
A. Implement Authorization Manager.
B. Implement Active Directory Federation Services (AD FS).
C. Upgrade one domain controller to Windows Server 2008. Raise the functional level of the domain to Windows Server 2003.
D. Upgrade all domain controllers to Windows Server 2008. Raise the functional level of the domain to Windows Server 2008.
Correct Answer: D

QUESTION 10
Your network consists of one Active Directory domain. The functional level of the domain is Windows Server 2008.
The domain has 30 domain controllers. Twenty administrators manage the domain. You plan to implement an audit and compliance policy.
You need to ensure that all changes made to Active Directory objects are recorded.
What should you do?
A. On all domain controllers, run the Security Configuration Wizard (SCW).
B. In the Default Domain Controller Policy, configure a Directory Services Auditing policy.
C. In the Default Domain Controller Policy, configure and implement a file-level audit policy for the SYSVOL volume.
D. Create a Group Policy object (GPO) linked to the Domain Controllers OU. Configure the GPO to install the Microsoft Baseline Security Analyzer (MBSA).
Correct Answer: B

QUESTION 11
Your network consists of one Active Directory domain. All domain controllers run Windows Server 2008.
You have file servers that run Windows Server 2008. Client computers run Windows Vista and UNIX-based operating systems. All users have both Active Directory user accounts and UNIX realm user accounts. Both environments follow identical user naming conventions. 70-698 dumps
You need to provide the UNIX-based client computers access to the file servers. The solution must meet the following requirements:
?Users must only log on once to access all resources. ?No additional client software must be installed on UNIX-based client computers.
What should you do?
A. Create a realm trust so that the Active Directory domain trusts the UNIX realm.
B. Install an Active Directory Federation Services (AD FS) server that runs Windows Server 2008 R2
C. Enable the subsystem for UNIX-based applications on the file servers. Enable a Network File System (NFS) component on the client computers.
D. Enable the User Name Mapping component and configure simple mapping. Enable a Network File System (NFS) component on the servers.
Correct Answer: D

QUESTION 12
Your company named Contoso and another company named Fabrikam establish a partnership. The Contoso network consists of one Active Directory domain named contoso.com. File servers are installed on the contoso.com domain. All file servers run Windows Server 2008. The Fabrikam network consists of one Active Directory forest named fabrikam.com.
You need to plan a solution to enable Fabrikam users to access resources on the file servers. The solution must meet the following requirements:
Ensure that Fabrikam users can access resources only on the file servers. Ensure that Contoso users are denied access to Fabrikam resources.
What should you do first?
A. Create a one-way forest trust so that Contoso trusts Fabrikam. Set selective authentication on the trust.
B. Create a one-way forest trust so that Fabrikam trusts Contoso. Set selective authentication on the trust.
C. Create a one-way forest trust so that Contoso trusts Fabrikam. Set forest-wide authentication on the trust.
D. Create a one-way forest trust so that Fabrikam trusts Contoso. Set forest-wide authentication on the trust.
Correct Answer: A